Security Analysis of Web Application for Industrial Internet of Things
Narayana, Srikar (2022)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022052010653
Abstract
With the technological advancement in the Internet of Things (IoT), modern manufacturing and service industries are massively shifting towards connected devices and creating a connected ecosystem by deploying third-party Industrial Internet of Things (IIoT) related web applications and connectivity technologies. Due to rising global cyber-attacks on web applications, there is a need for security auditing of IIoT web applications against cyber threats by third-party companies before deploying them onto the industrial network. The research objective of the thesis was to provide a security auditing and testing guide and principles for IIoT web applications, to perform an internal audit and verify the security of web applications against cyber-attacks before and after installing them onto an industrial network. The thesis used a constructive research approach to create an innovative, unified SSDLC and ISACA security auditing framework and principles for IIoT web applications by examining and analyzing academic publications, security standards, expert community recommendation documents, and best practices. The research evaluated the developed constructed solutions by conducting interviews with application experts using the solutions. The results showed that implementing the security principles checklist and the security analysis framework (including GDPR policies, authentication, and secure data transmission) for auditing helped detect security issues beforehand at every SSDLC phase and deploy IIoT web applications resistant to major cyberattacks after deployment to industrial networks. Utilizing the security principles and implementing the proposed security auditing framework construct solves the problems stated by the research questions. The proposed construct provides the desired security auditing and testing guidelines to develop and deploy secured IIoT web applications in industrial network systems.